• 13 Dec 2011

    Top 5 Security Tips

    Having recently attended a course in Ethical Hacking, I am now uncomfortably aware of just how flawed some security systems can be. More specifically, if you have ever worked on a project developing financial software, it is guaranteed that you will have to handle (and in turn protect) sensitive personal information. With that in mind I thought I would compile a top 5 of security checks you should keep in mind while developing such projects:

    1. SQL Injection / Cross Site Scripting – this is the biggest problem and the one that catches most people out. Everywhere a user can input data, it is important to sanitise that input so that a rogue quotation mark cannot turn user-supplied text into part of the SQL string.
    2. Passwords – one of the easiest parts of the security process to neglect is enforcing strong passwords. Dictionary words should be avoided, since they can be brute forced in a matter of minutes (this includes words with letters replaced by similar-looking symbols, e.g. ‘a’ and ‘@’). Complex passwords should be enforced by default, and particularly sensitive applications (e.g. financial software) should implement a multifactor login procedure using methods such as RDA.
    3. Employee Education – you can set guidelines in official company documents, but chances are they will be glanced over whenever an employee is asked to go through the document. Hands-on education is the key to avoiding attacks based on Social Engineering techniques (more about this in a separate blog).
    4. URL – if you are passing sensitive data, or anything that could help an attacker figure out details about the file structure of your website, it is important to obfuscate that part of the URL to prevent footprinting based on directory manipulation.
    5. Windows Update – there are tools out there that can determine your OS in a matter of seconds and then compare the result against a database of known vulnerabilities. These can then be used to compromise the system in a multitude of different ways at the click of a button. In two mouse clicks someone can potentially have access to your system; this can be avoided simply by keeping Windows patched and up to date.
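    As an added illustration of tip 1 (example code written for this post, not the author's own), the script below builds a constructed in-memory SQLite table and looks up a perfectly legitimate name containing an apostrophe two ways: by pasting the input into the SQL string, which breaks the query, and by passing it as a bound parameter, which keeps it as data. Parameterised queries are the standard complement to the input sanitisation the tip recommends.

```python
import sqlite3


def make_db():
    """Build an in-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("o'neil", 40)],  # constructed rows
    )
    return conn


def lookup_concatenated(conn, name):
    """Flawed pattern: user input pasted straight into the SQL text.

    A quotation mark inside `name` ends the string literal early, so the
    remainder of the input is parsed as SQL rather than treated as data.
    """
    sql = "SELECT name, balance FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, name):
    """Safe pattern: the driver binds `name` as a value, never as SQL text,
    so any quotation marks in it stay inside the data."""
    sql = "SELECT name, balance FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo(name="o'neil"):
    """Run both lookups for a name with an apostrophe and report what happened."""
    conn = make_db()
    safe = lookup_parameterised(conn, name)
    try:
        unsafe = lookup_concatenated(conn, name)
        concat_error = None
    except sqlite3.Error as exc:
        # The concatenated query is no longer valid SQL once the quote is in it.
        unsafe = None
        concat_error = type(exc).__name__
    return {"safe": safe, "unsafe": unsafe, "concat_error": concat_error}


if __name__ == "__main__":
    print(demo())
```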
